Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6604 | 1 Zh Yandexmap Project | 1 Zh Yandexmap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. | |||||
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | |||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | |||||
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | |||||
| CVE-2018-6582 | 1 Zh Googlemap Project | 1 Zh Googlemap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | |||||
| CVE-2018-6581 | 1 Joommasters | 1 Jms Music | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | |||||
| CVE-2018-6579 | 1 Jextn | 1 Reverse Auction | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | |||||
| CVE-2018-6578 | 1 Jextn | 1 Je Paypervideo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
| CVE-2018-6577 | 1 Jextn | 1 Membership | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
| CVE-2018-6576 | 1 Ezcode | 1 Event Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. | |||||
| CVE-2018-6575 | 1 Jextn | 1 Classified | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | |||||
| CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | |||||
| CVE-2018-6493 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | |||||
| CVE-2018-6410 | 1 Machform | 1 Machform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. | |||||
| CVE-2018-6398 | 1 Joomlacalendars | 1 Event Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | |||||
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | |||||
| CVE-2018-6395 | 1 Joomlacalendars | 1 Visual Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | |||||
| CVE-2018-6394 | 1 Techjoomla | 1 Invitex | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | |||||
| CVE-2018-6393 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors. | |||||
| CVE-2018-6382 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass | |||||